Professional Documents
Culture Documents
Programming Manual
(Catalog Numbers 1756 ControlLogix,
1769 CompactLogix, 1789 SoftLogix,
1794 FlexLogix, PowerFlex 700S with
DriveLogix)
Important User Information
Solid state equipment has operational characteristics differing from those of electromechanical equipment. Safety Guidelines for the Appli-
cation, Installation and Maintenance of Solid State Controls (publication SGI-1.1 available from your local Rockwell Automation sales office
or online at http://literature.rockwellautomation.com) describes some important differences between solid state equipment and hard-wired
electromechanical devices. Because of this difference, and also because of the wide variety of uses for solid state equipment, all persons re-
sponsible for applying this equipment must satisfy themselves that each intended application of this equipment is acceptable.
In no event will Rockwell Automation, Inc. be responsible or liable for indirect or consequential damages resulting from the use or application
of this equipment.
The examples and diagrams in this manual are included solely for illustrative purposes. Because of the many variables and requirements as-
sociated with any particular installation, Rockwell Automation, Inc. cannot assume responsibility or liability for actual use based on the ex-
amples and diagrams.
No patent liability is assumed by Rockwell Automation, Inc. with respect to use of information, circuits, equipment, or software described in
this manual.
Reproduction of the contents of this manual, in whole or in part, without written permission of Rockwell Automation, Inc., is prohibited.
Throughout this manual, when necessary, we use notes to make you aware of safety considerations.
IMPORTANT Identifies information that is critical for successful application and understanding of the product.
Identifies information about practices or circumstances that can lead to personal injury or death,
ATTENTION
property damage, or economic loss. Attentions help you identify a hazard, avoid a hazard, and
recognize the consequence
SHOCK HAZARD Labels may be on or inside the equipment, for example, a drive or motor, to alert people that
dangerous voltage may be present.
BURN HAZARD Labels may be on or inside the equipment, for example, a drive or motor, to alert people that
surfaces may reach dangerous temperatures.
Allen-Bradley, Rockwell Automation, and TechConnect are trademarks of Rockwell Automation, Inc.
Trademarks not belonging to Rockwell Automation are property of their respective companies.
Table of Contents
Chapter 1
Introduction FactoryTalk Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
FactoryTalk Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
RSSecurity Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Chapter 2
Configuring FactoryTalk Security Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
with RSLogix 5000 Install the Rockwell Software Security Emulator . . . . . . . . . . . . . . . . . . 9
Enable Security for RSLogix 5000 Software. . . . . . . . . . . . . . . . . . . . . 13
Install FactoryTalk Service Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Secure an RSLogix 5000 Software Project File. . . . . . . . . . . . . . . . . . . 18
Apply Security to a Controller Resource. . . . . . . . . . . . . . . . . . . . . . . . 22
Chapter 3
Migrating From a Security Server Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Database to a FactoryTalk Server Import a Security Server Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Import Status Text File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Organizer Import Result . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Resource Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Chapter 4
Configure Routine Source Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Protection in RSLogix 5000 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Software Configuring Source Protection on a project file . . . . . . . . . . . . . . . . . . 32
Key File and Key Distribution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Remove Access to a Protected Routine . . . . . . . . . . . . . . . . . . . . . 40
Disable Routine Source Protection. . . . . . . . . . . . . . . . . . . . . . . . . 41
Chapter 5
RSLogix 5000 Software CPU Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Security Tool Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Securing a ControlLogix Controller with Logix CPU Security Tool . . 46
Accessing a Secured Controller. . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Removing Security from a ControlLogix Controller
with Logix CPU Security Tool. . . . . . . . . . . . . . . . . . . . . . . . . . 51
Removing a Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Notes:
Purpose of this Manual This manual explains how to configure security for RSLogix 5000 software. It
also explains how to setup source protection for your logic and projects. This
manual is one of a set of related manuals that show common procedures for
programming and operating Logix5000 controllers. For a complete list of
common procedures manuals, see the Logix 5000 Controllers Common
Procedures Programming Manual, publication 1756-PM001.
The term Logix5000 controller refers to any controller that is based on the
Logix5000 operating system, such as:
• CompactLogix controllers
• ControlLogix controllers
• DriveLogix controllers
• FlexLogix controllers
• SoftLogix5800 controllers
Notes:
Introduction
This chapter explains what FactoryTalk Security is and how you can
implement security. FactoryTalk Security integrates a common security model
across all FactoryTalk enabled products. The evolution of FactoryTalk Security
software continues with the addition of more products and additional security
functionality.
FactoryTalk Directories
RSSecurity Server
Introduction This chapter describes how to install and configure FactoryTalk Security.
FactoryTalk Security Service Platform (FTSP) software during the installation
of RSLogix5000 software. If you find that the Security feature is not enabled in
RSLogix5000 software as shown in this screen, you will need to enable the
feature. Refer to Enable Security for RSLogix 5000 Software on page 13.
Install the Rockwell RSLogix 5000 software uses the Rockwell Software Security Emulator to
communicate with FactoryTalk Security. Follow these instructions to install the
Software Security Emulator Rockwell Software Security Emulator.
3. Click the I accept the terms in the license agreement and click Next.
Enable Security for RSLogix The SetSecKeys utility must be executed to enable security for RSLogix 5000
software.
5000 Software
1. Locate the SetSecKeys.exe in this folder:
This file is added to the system during the RSLogix 5000 install.
ATTENTION
Once you have enabled security, only Rockwell Automation
Technical Support can turn off RSLogix 5000 security.
Install FactoryTalk Service If you find that the Security feature does not enable in RSLogix5000 software
as shown in this screen, you will need to make sure FactoryTalk Service
Platform Platform (FTSP) is installed properly..
1. Locate and double-click to run the Setup.exe file. The file is at the
following location on the install disk.
3. Check the I accept the terms in the license agreement and click Next.
After the installation is complete, refer back to Enable Security for RSLogix
5000 Software on page 13. If you are still having problems, refer to The
FactoryTalk Security Quick Start, publication FTSEC-QS001.
Secure an RSLogix 5000 Once you have configured the RSLogix 5000 software to be security aware, the
next step is to enable security in a RSLogix 5000 software project file. Follow
Software Project File these steps to secure a project file.
3. Open the RSLogix 5000 project file that you want to secure.
5. Record the Name of the Project file displayed on the General tab. In this
example, the name is DayOfWeek.
TIP The name of the Controller can match the name of the ACD
file, but is not required to.
8. Click Yes on the warning dial box to confirm you want to enable
security for the project file.
11. In the Who Active windows, locate and select the controller resource.
Refer to the selection you made in the section Install the Rockwell Software
Security Emulator on page 9.
5. In the Logical Name drop down list select the Controller name.
This name should match the settings from the Controller Properties
page that you created during Secure an RSLogix 5000 Software Project
File section. The controller name can also be manually typed in if the
name does not appear in the drop down list.
• The controller in the Network and Devices tree will also display
TIP the controller name property next to the controller resource.
• If the name does not appear in the Network and Devices tree,
open RSLinx Classic and navigate to the controller resource with
RSWho. Navigating to the resource in RSLinx Classic will
update the Controller path information in RSLinx Classic.
FactoryTalk Administration Console uses the controller path
information from RSLinx Classic to display Controllers. Once the
path information is updated in RSLinx Classic, open the
FactoryTalk Administration Console and right click on the
Network and Devices tree and select refresh.
6. Once the Logical Name for the Controller has been set to match the
Controller name, click OK to continue.
Introduction This chapter describes how to migrate from a Security Server Database to a
FactoryTalk Server. To migrate to a FactoryTalk Security Server you must first
export the security server database and then import the datebase into
FactoryTalk.
Import a Security Server Follow these steps to import a security server database into FactoryTalk
Security.
Database
1. From the Start menu, select Programs -> Rockwell Software ->
FactoryTalk Tools -> Import RSSecurity Configuration
9. Right click, select add area, and browse to the resource location.
11. Review how these were mapped in to existing FT applications and click
OK.
This graphic shows and example of the Import Status text file that is created
when an import is completed.
This graphic shows the results of the import process in the Organizer.
Resource Editor
This graphic shows the results of the import in the Resource Editor.
Notes:
Introduction This chapter describes how to apply source protection to your RSLogix 5000
routines and Add-On Instructions.
1. Locate the Source Protection tool on the RSLogix 5000 installation CD:
d:\ENU\Tools\Source Protection Tool
3. Click Yes.
Configuring Source Follow these steps to configure source protection on a project file.
Protection on a project file
The key file can be saved in any accessible folder. In this example
C:\RSLogix5000\Project folder was specified as the key file location.
6. Click OK to continue.
If a key file in not found in the specified location, you will be prompted
to create a new key file.
In this example, dayofweek is being set as the key for the routine
DayOfWeek. Normally the key would not be set to match the routine
name.
11. Select the next routine that requires protection and select Protect.
In this example test_dow is being set as the key for the routine
Test_Dow and the Test_DOW routine will be viewable.
14. Once all the routines and Add On-Instructions that requires protection
are assigned keys, click Close.
When the project file is opened on a system that does not contain the keys
used to secure the routines and Add-On Instructions, they will be protected
based on the setting in Source Protection Configuration. Test_DOW was
protected and set to viewable in Source Protection Configuration.
The routine can be opened as read only on a system that does not contain the
key for the routine, but the user will not be able to modify the routine.
Routines or Add-On Instructions that are protected, but were not configured
as viewable cannot be opened. The DayOfWeek routine cannot be opened on
a system that does not have the key used to protect the routine. In this graphic,
the icon for the routine is grayed out, indicating the routine cannot be opened.
The MyValveAOI cannot be viewed on a system the does not contain the key
used to protect the Add-On Instruction. This is because MyValveAOI was
protected, but not set to be viewable. The Add-On Instruction is shown in the
project's explorer window, but the Parameters and Local Tags for the Add-On
Instructions are not viewable on a system that does not contain the required
key used to protect it.
Key File and Key The Source Protection keys are stored in text file un-encrypted. It is
recommended that the key file be backed up and stored in a secure location. If
Distribution necessary, the individual keys can be distributed or provided to the necessary
parties.
The keys created when the routines and Add-On Instructions were secured
with Source Protection were stored in the file sk.dat un-encrypted.
IMPORTANT Before you remove the source key file (sk.dat) from a computer
either write down the source keys or make a copy of the file
and store it in a secure location.
2. From the Tools menu, choose Security > Configure Source Protection.
3. Click Clear.
A dialog box asks if you want to delete the source key file (sk.dat).
4. Select Yes, to remove or No, not to remove the source key file from the
computer.
IMPORTANT Before you remove the source key file (sk.dat) from a computer
either write down the source keys or make a copy of the file and
store it in a secure location.
2. From the Tools menu, choose Security > Configure Source Protection.
4. Choose Yes.
A dialog box asks if you want to delete the source key file (sk.dat).
5. Select Yes, to remove or No, not to remove the source key file from the
computer.
Notes:
Introduction This chapter describes how to use the RSLogix 5000 CPU Security Tool to
lock a controller. When a controller is locked, no one can access until it is
unlocked.
Installation The Logix CPU Security Tool is automatically installed when you install
RSLogix 5000 software, version 17. If you find it is not installed follow these
installation instructions. The install file is located on the RSLogix 5000
installation CD under the Tools folder.
2. Click Next.
3. Review the license agreement, select the I Agree radio button, and click
Next.
5. Check the Add to Custom Tools box, if it is not already checked and
click Next.
7. Please wait while the CPU Security Tool runs through the installation
process.
Securing a ControlLogix You can secure a controller with the Logix CPU Security Tool. The tool is
installed under the RSLogix 5000 Tools menu.
Controller with Logix CPU
Security Tool
Before a controller can be secured, the path the controller must be specified.
3. Select the controller that you need to secure and click OK.
The Logix CPU Security Tool displays the current status of the controller.
5. Enter a password in the new password field and confirm the password
and click OK.
The Password Status for the controller now indicates a Password exists in the
controller, but the controller is not secured yet.
When you try to access a controller that has been secured by the Logix CPU
Security Tool and you don’t have a local copy of the project file on your
computer, you will be prompted to select the proper file.
If you don’t have a local copy of the project file on your computer, you
will be prompted to select a file.
3. Click Select file to either find the project file or to identify a location
where to save a project file.
6. Click OK to continue.
If the project file already exists on the your system, an error message displays
that indicates that the controller is secured and you cannot go online.
3. Select the controller that you want to be unsecured and click OK.
The controller is
currently secured.
The controller is now unsecured, but the controller still knows the
password.
6. Select Exit.
7. Click Yes to confirm exit and leave the controller in an unsecured state.
Removing a Password
You can complete this form and mail (or fax) it back to us or email us at
RADocumentComments@ra.rockwell.com.
Cat. No. 1756 ControlLogix, 1769 Pub. No. 1756-PM016B-EN-P Pub. Date July 2008 Part No.
CompactLogix, 1789
SoftLogix, 1794 FlexLogix,
PowerFlex 700S with
DriveLogix
Please complete the sections below. Where applicable, rank the feature (1=needs improvement, 2=satisfactory, and 3=outstanding).
Overall Usefulness 1 2 3 How can we make this publication more useful for you?
Other Comments You can add additional comments on the back of this form.
Your Name
Your Title/Function Would you like us to contact you regarding your comments?
Location/Phone ___No, there is no need to contact me
___Yes, please call me
___Yes, please email me at _______________________
___Yes, please contact me via _____________________
Other Comments
NO POSTAGE
NECESSARY
IF MAILED
IN THE
UNITED STATES
1 ALLEN-BRADLEY DR
MAYFIELD HEIGHTS OH 44124-9705
Publication 1756-PM016B-EN-P - July 2008 59
Supersedes Publication 1756-PM016A-EN-P - September 2007 Copyright © 2008 Rockwell Automation, Inc. All rights reserved. Printed in the U.S.A.
Rockwell Automation Rockwell Automation provides technical information on the Web to assist you in using
its products. At http://support.rockwellautomation.com, you can find technical
Support manuals, a knowledge base of FAQs, technical and application notes, sample code and
links to software service packs, and a MySupport feature that you can customize to
make the best use of these tools.
For an additional level of technical phone support for installation, configuration, and
troubleshooting, we offer TechConnect support programs. For more information,
contact your local distributor or Rockwell Automation representative, or visit
http://support.rockwellautomation.com.
Installation Assistance
If you experience a problem within the first 24 hours of installation, please review the
information that's contained in this manual. You can also contact a special Customer
Support number for initial help in getting your product up and running.
Rockwell Automation tests all of its products to ensure that they are fully operational
when shipped from the manufacturing facility. However, if your product is not
functioning and needs to be returned, follow these procedures.
United States Contact your distributor. You must provide a Customer Support case
number (call the phone number above to obtain one) to your distributor
in order to complete the return process.
Outside United Please contact your local Rockwell Automation representative for the
States return procedure.